Authors: XIA Xiaofeng; XIANG Hong; XIAO Zhenyu; CAI Ting (Key Laboratory of Dependable Service Computing in Cyber Physical Society, Ministry of Education, Chongqing 400044, China; School of Bigdata and Software Engineering, Chongqing University, Chongqing 400044, China)
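Affiliations: [1] Key Laboratory of Dependable Service Computing in Cyber Physical Society, Ministry of Education, Chongqing 400044 [2] School of Bigdata and Software Engineering, Chongqing University, Chongqing 400044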
Source: Journal of Electronics & Information Technology (《电子与信息学报》), 2020, No. 8, pp. 1846-1852, 7 pages
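Funding: National Key Research and Development Program of China (2017YFB0802400); National Cryptography Development Fund of the 13th Five-Year Plan (MMJJ20180211); Chongqing Graduate Supervisor Team Building Project; Chongqing Graduate Education and Teaching Reform Research Project (yjg192003).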
Abstract: Addressing the security of industrial control systems, this paper proposes a network security protection framework for Numerical Control Systems (NCS). Using the SM2, SM3 and SM4 algorithms from the Chinese national cryptographic algorithm suite, it designs and establishes an AUTHentication and VeRiFication (AUTH-VRF) model for the Computerized Numerical Control (CNC) network, which protects the CNC network in two layers, outer and inner. The outer layer performs security authentication of communication and transmission between CNC network devices to achieve network segment isolation; the inner layer verifies the integrity of the communication protocol to ensure that the operating programs received by field devices are correct and valid. An outer-layer protection device designed and deployed on the basis of the SM2, SM3 and SM4 algorithms provides identity authentication and encrypted file transmission for communication between Distributed Numerical Control (DNC) devices and the CNC system. In addition, for S7Comm industrial communication protocol data in the industrial control network, the SM3 algorithm is used to verify the integrity of the proprietary industrial protocol data. Network attack experiments show that the AUTH-VRF model can provide effective security authentication and resource integrity protection for industrial production data in the CNC network, and that it offers a practical technical reference for meeting China's critical-infrastructure requirements that "domestic and foreign industrial control system products are both secure and controllable" and that "security technology reaches every layer of the industrial control system".
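Classification: TN918 [Electronics and Telecommunications: Communication and Information Systems]; TP309.2 [Electronics and Telecommunications: Information and Communication Engineering]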